My domain server's Netlogon could not start automatically after restarted the server.

However, I still can start it manually.

Is there any solution to make it starts automatically?

Please assist.

Hi,

have a look here https://support.microsoft.com/en-us/kb/269375

Can you provide Windows version and any error you notice in the event log?

The server's regedit already had "LanmanServer" and "LanmanWorkstation".

It is Windows Server 2008 R2 Standard 64 bit.

I am not sure whether is the below event log caused the Netlogon could not start automatically.

Log Name:      System
Source:        NETLOGON
Date:          6/4/2015 3:14:16 PM
Event ID:      5807
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DC2.abc
Description:
During the past 4.24 hours there have been 292 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
Event Xml:
<Event xmlns="http:/schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5807</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-04T07:14:16.000000000Z" />
    <EventRecordID>180977</EventRecordID>
    <Channel>System</Channel>
    <Computer>DC2.abc</Computer>
    <Security />
  </System>
  <EventData>
    <Data>4.24</Data>
    <Data>292</Data>
    <Data>20000000</Data>
    <Data>20000000</Data>
  </EventData>
</Event>

• Edited by SzeYin Friday, June 05, 2015 9:12 AM

The server's regedit already had "LanmanServer" and "LanmanWorkstation".

It is Windows Server 2008 R2 Standard 64 bit.

I am not sure whether is the below event log caused the Netlogon could not start automatically.

Log Name:      System
Source:        NETLOGON
Date:          6/4/2015 3:14:16 PM
Event ID:      5807
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      DC2.abc
Description:
During the past 4.24 hours there have been 292 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.  The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.
Event Xml:
<Event xmlns="http:/schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5807</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-04T07:14:16.000000000Z" />
    <EventRecordID>180977</EventRecordID>
    <Channel>System</Channel>
    <Computer>DC2.abc</Computer>
    <Security />
  </System>
  <EventData>
    <Data>4.24</Data>
    <Data>292</Data>
    <Data>20000000</Data>
    <Data>20000000</Data>
  </EventData>
</Event>

• Edited by SzeYin Friday, June 05, 2015 9:12 AM

This is not related, don't you have any other errors or warning around the time of your la

not related either, check for events with source "Service control manager" it tracks servic

...and did you read any of these? I'm flattered that you think I'm so good that I can guess what t

Try booting the server in Safe mode with networking and see the Net logon status.

Service startup type should be in automatic mode.

Hi SzeYin,

Is there any updates for your issue? Have you solved the problem?

Could you please offer us the EVENT ID which related to netlogon in the event log

Maybe you could refer to the article:

The Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer

https://support.microsoft.com/en-us/kb/2288059

Look forward to your reply.

Best Regards,

Mary Dong

• Edited by Mary DongMicrosoft contingent staff, Moderator 55 minutes ago

Hi,

On server where you are getting this error please run the following command. Make sure you open command prompt run as administrator. Provide the output of below command

net stats srv

Hi SzeYin,

Is there any updates for your issue? Have you solved the problem?

Could you please offer us the EVENT ID which related to netlogon in the event log

Maybe you could refer to the article:

The Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer

https://support.microsoft.com/en-us/kb/2288059

Look forward to your reply.

Best Regards,

Mary Dong

• Edited by Mary DongMicrosoft contingent staff, Moderator Monday, June 08, 2015 6:04 AM

Hi SzeYin,

Is there any updates for your issue? Have you solved the problem?

Could you please offer us the EVENT ID which related to netlogon in the event log

Maybe you could refer to the article:

The Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer

https://support.microsoft.com/en-us/kb/2288059

Look forward to your reply.

Best Regards,

Mary Dong

• Edited by Mary DongMicrosoft contingent staff, Moderator Monday, June 08, 2015 6:04 AM

can you export the system event log (in csv format) and share it on onedrive or similar? I assume the start mode of netlogon is "Autom

Try booting the server in Safe mode with networking and see the Net logon status.

Service startup type should be in automatic

Hi SzeYin,

Is there any updates for your issue? Have you solved the problem?

Could you please offer us the EVENT ID which related to netlogon in the event log

Maybe you could refer to the article:

The Net Logon service does not start in Windows Server 2003 or in Windows Server 2008 after you restart the computer

https:/support.microsoft.com/en-us/kb/2288059

Look forward to your reply.

Best Regards,

Mary Dong

Thank you for your reply.

But there is no "Event ID 3056" in my server's system log.

Hi,

On server where you are getting this error please run the following command. Make sure you open command prompt run as administrator. Provide the output of below command

net stats srv

Thanks for your reply. The result is as below:-

C:\Windows\system32>net stats srv
Server Statistics for \\ DC2

Statistics since 6/5/2015 9:17:30 PM

Sessions accepted                  43
Sessions timed-out                 0
Sessions errored-out               74

Kilobytes sent                     1471518
Kilobytes received                 10517

Mean response time (msec)          0

System errors                      0
Permission violations              20140
Password violations                150

Files accessed                     613082
Communication devices accessed     0
Print jobs spooled                 0

Times buffers exhausted

  Big buffers                      0
  Request buffers                  0

The command completed successfully.

hi,

Did your server last rebooted on below date. is that true?

Statistics since 6/5/2015 9:17:30 PM

hi,

Did your server last rebooted on below date. is that true?

Statistics since 6/5/2015 9:17:30 PM

Yes.

Our server has been restarted on 3/6/2015 10:25:17pm, 4/6/2015 9:03:25pm and 5/6/2015 9:17:10pm.

Are you getting any events for event id 2114 or 7024 in system event logs.

Yes. It has 7024 event ID but no event ID 2114. 

Log Name:      System
Source:        Service Control Manager
Date:          6/5/2015 9:18:20 PM
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DC2.abc
Description:
The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.
Event Xml:
<Event xmlns="http:/schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7024</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-05T13:18:20.576224900Z" />
    <EventRecordID>181393</EventRecordID>
    <Correlation />
    <Execution ProcessID="516" ThreadID="584" />
    <Channel>System</Channel>
    <Computer>DC2.abc</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">SQL Server Active Directory Helper</Data>
    <Data Name="param2">%%-1073741724</Data>
  </EventData>
</Event>

• Edited by SzeYin Monday, June 08, 2015 8:01 AM

Are you getting any events for event id 2114 or 7024 in system event logs.

Yes. It has 7024 event ID but no event ID 2114. 

Log Name:      System
Source:        Service Control Manager
Date:          6/5/2015 9:18:20 PM
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DC2.abc
Description:
The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.
Event Xml:
<Event xmlns="http:/schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7024</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-05T13:18:20.576224900Z" />
    <EventRecordID>181393</EventRecordID>
    <Correlation />
    <Execution ProcessID="516" ThreadID="584" />
    <Channel>System</Channel>
    <Computer>DC2.abc</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">SQL Server Active Directory Helper</Data>
    <Data Name="param2">%%-1073741724</Data>
  </EventData>
</Event>

• Edited by SzeYin Monday, June 08, 2015 8:01 AM

The event id you posted is for the service is used to publish SQL Server resources into Active Directory. It is disabled by default and launched by SQL Server itself, which it will do as required if set to Manual. Since it needs to connect to network resources the option would be to use a domain account for this identity. And as always, don't use a any personal account.

I am looking for error like " The Net logon service terminated with service-specific error"

Are you getting any kind of above error in your event log. also possible can you provide me with the details of roles installed and configured on domain controller. possible provide the OS details on DC.

The event id you posted is for the service is used to publish SQL Server resources into Active Directory. It is disabled by default and launched by SQL Server itself, which it will do as required if set to Manual. Since it needs to connect to network resources the option would be to use a domain account for this identity. And as always, don't use a any personal account.

I am looking for error like " The Net logon service terminated with service-specific error"

Are you getting any kind of above error in your event log. also possible can you provide me with the details of roles installed and configured on domain controller. possible provide the OS details on DC.

ttp://1drv.ms/1Gug4lK

There are only 5 roles have been installed:-

- Active Directory Domain Services

- DHCP Server

- DNS Server

- File Services

- Print and Document Services

OS is Windows Server 2008 R2 Standard 64 bit

hi,

Possible can you past the IPconfig /all output here without editing.

hi,

Possible can you past the IPconfig /all output here without editing.

Sorry that there is some p&c issue and I can't disclose our company's IP address.

Hope you understand.

Hi,

Ok I understand that.

Hi,

In that case follow the below similar issue given below also possible check your DNS settings on DC where you are getting this issue.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/612144f2-6ec5-4131-a6a1-e5b491ef1c41/netlogon-errors-on-domain-controllers?forum=winserverDS

1. On the desktop, right-click My Network Places, and then click Properties.
2. Right-click the appropriate connection object, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced.
5. Click DNS.
6. Click Add, type the IP address of the DNS server in the DNS server box, and then click Add.
7. Click the arrows to move the IP address of the Active Directory DNS server to the top of the list.
8. Click OK in the open dialog boxes to close them and save the new settings.
9. Stop and then restart the Netlogon Service.

Hi,

In that case follow the below similar issue given below also possible check your DNS settings on DC where you are getting this issue.

https:/social.technet.microsoft.com/Forums/windowsserver/en-US/612144f2-6ec5-4131-a6a1-e5b491ef1c41/netlogon-errors-on-domain-controllers?forum=winserverDS

To resolve this behavior, add the Internet Protocol (IP) address of the DNS server that is authoritative for the Active Directory domain  name to the IP Protocol (TCP/IP) Properties, and then move it to the top of the list:

1. On the desktop, right-click My Network Places, and then click Properties.
2. Right-click the appropriate connection object, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced.
5. Click DNS.
6. Click Add, type the IP address of the DNS server in the DNS server box, and then click Add.
7. Click the arrows to move the IP address of the Active Directory DNS server to the top of the list.
8. Click OK in the open dialog boxes to close them and save the new settings.
9. Stop and then restart the Netlogon Service.

Ok.  can you enable the Debug log for netlogon service. using the below command. once you do that restart the Dc and once it collected log upload the same.

nltest /dbflag:0x2080ffff

Log file path will be C:\Windows\debug\

Hi

First thing ,Check the netlogon service startup type is set to automatic . 

Ok.  can you enable the Debug log for netlogon service. using the below command. once you do that restart the Dc and once it collected log upload the same.

nltest /dbflag:0x2080ffff

Log file path will be C:\Windows\debug\

Hi

First thing ,Check the netlogon service startup type is set to automatic . 

Thanks for your reply.

Of course the service startup type already set to Automatic.

hi,

Can you upload the log file to common location and provide me with the path.

hi,

Can you upload the log file to common location and provide me with the path.

I had uploaded to OneDrive as per below:- (Please add the "h" in front)

ttps://onedrive.live.com/redir?resid=287b246df0861768!130&authkey=!ACLu_Yodp7yvNNc&ithint=file%2ctxt

Hi,

Thanks for uploading. Can you provide the name of DC having issue?

Hi,

Thanks for uploading. Can you provide the name of DC having issue?

Also possible can see event id 2103 and 2095 in the Directory Services Event log.

Hi,

Thanks for updating hope net logon service is configured with local System account in services.

Hi,

I have check the logs and based on that I can see Netlogon is paused on server. Can you please check the DNS settings on SA-DC how is TCP/IP or IP address are configured on domain controller. Also can you let us know is there DC restore or decommission without proper process. possible provide the output of following command

repadmin /replsum /errorsonly

06/09 19:33:58 [INIT] NlInit: DS is paused.
06/09 19:33:58 [CRITICAL] Cannot W32TimeGetNetlogonServiceBits 0x6ba
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl: Netlogon is paused on the server. 0x14
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl.: Netlogon is paused on the server. 0x14
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl: Netlogon is paused on the server. 0x14

Hi,

Thanks for updating hope net logon service is configured with local System account in services.

Hi,

I have check the logs and based on that I can see Netlogon is paused on server. Can you please check the DNS settings on SA-DC how is TCP/IP or IP address are configured on domain controller. Also can you let us know is there DC restore or decommission without proper process. possible provide the output of following command

repadmin /replsum /errorsonly

 

06/09 19:33:58 [INIT] NlInit: DS is paused.
06/09 19:33:58 [CRITICAL] Cannot W32TimeGetNetlogonServiceBits 0x6ba
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl: Netlogon is paused on the server. 0x14
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl.: Netlogon is paused on the server. 0x14
06/09 19:33:58 [MAILSLOT] TSUSHO_KL: Returning paused to 'SA-DC' since: DS paused
06/09 19:33:58 [CRITICAL] NetpDcHandlePingResponse: tsusho_kl: Netlogon is paused on the server. 0x14

The primary DNS is SA-DC's IP address and the secondary DNS is primary DC's IP address.

We had promote a new DC at our HQ but we have not restore or decommission any DC yet.

repadmin /replsum /errorsonly    (result)

Replication Summary Start Time: 2015-06-10 14:11:16

Beginning data collection for replication summary, this may take awhile:
  .......

Source DSA          largest delta    fails/total %%   error
 DOMAINSVR                 16m:49s    0 /  15    0
 SA-DC                 12h:31m:49s   10 /  15   66  (1396) Logon Failure: The target account name is incorrect.
 TSUSHO_MY01               24m:36s    0 /  10    0
 TSUSHO_MY05               09m:23s    0 /  10    0

We were facing 1256 event and 1396 event before and I had posted in this forum as well.

https:/social.technet.microsoft.com/Forums/windowsserver/en-US/63949f91-6090-42b1-9aa7-d31f81f5b2ce/replication-error-from-windows-server-2008-r2-to-windows-server-2003-r2?forum=winserverDS#882900c7-f87d-4d9b-8293-96fdf4f47040

I found it was due to this Netlogon service automatically paused issue last few days. After I restarted the Netlogon service at SA-DC, the replication working fine after 1 hour.

Hi,

I think at this stage you can think of demoting and promoting the DC.

Hi,

I think at this stage you can think of demoting and promoting t

I didn't mean to upgrade. You demote a DC making a member server of it, then you promote it back to DC.

On windows 2008 R2 you do that with dcpromo and it will take a couple of hours at latest.

dcpromo

SA-DC                 12h:31m:49s   10 /  15   66  (1396) Logon Failure: The target account name is incorrect.

In that case you have to  transfer the roles if any on SA-DC to another DC. Demote the DC using the DCpromo command and once it is demoted wait for replication to get completed and server demotion is reflected across sites. start the Re-promoting the DC again and again wait for replication and check the status. 

Hello 

Please check the below reg key

key HKLM\System\CurrentControlSet\Services\NTDS\Parameters 

• Edited by San4wish 15 hours 39 minutes ago

Hello 

Please check the below reg key

key HKLM\System\CurrentControlSet\Services\NTDS\Parameters 

• Edited by San4wish Wednesday, June 10, 2015 3:21 PM

You might share dc

SA-DC                 12h:31m:49s   10 /  15   66  (1396) Logon Failure: The target account name is incorrect.

In that case you have to  transfer the roles if any on SA-DC to another DC. Demote the DC using the DCpromo command and once it is demoted wait for replication to get completed and server demotion is reflected across sites. start the Re-promoting the DC again and again wait for replication and check the status. 

Will it affect those user PCs under this DC or will it cause any downtime?

Sorry that I am not familiar with promoting and demoting a DC.

I didn't mean to upgrade. You demote a DC making a member server of it, then you promote it back to DC.

On windows 2008 R2 you do that with dcpromo and it will take a couple of hours at latest.

dcpromo